Skip to Content

SAP Supplier Portal

Supplier Enablement and Risk Assessment


Data Processing Enablement

Data Processing enablement is required if your company is providing services to SAP SE and/or SAP affiliated companies or their respective resellers or customers which require the processing of personal data or access to systems that may contain personal data. 


The SAP Master Agreement on the Commissioned Processing of Personal Data (“MDPA”) is our global standard agreement used with all SAP contractors processing or accessing personal data on behalf of SAP and/or SAP affiliates or SAP resellers or customers to ensure a consistent level of data protection across the complete processing chain. 


The MDPA reflects the requirements of the General Data Protection Regulation (GDPR) and governs the processing of personal data of data subjects located in the EU as of May 2018 but is also intended to satisfy the requirements of non-EU data protection laws. SAP requires this global MDPA to achieve compliance with its global data protection standards (which are based on the GDPR) and to meet legal and contractual obligations under its customer agreements. 


The MDPA is a standard agreement which reflects the regulatory requirements as well the terms agreed with our customers. Not entering into the MDPA with SAP may disqualify you as an SAP contractor for providing services related to the processing or accessing personal data on behalf of SAP and/or SAP affiliates or SAP resellers or customers.


SAP is in the process of updating the MDPA to include the new Standard Contractual Clauses. Please refer to the document below on this update. 



Third Party Risk Assessment tool

To ensure maximum reliability for our customers, suppliers are required to successfully complete our Third Party Risk Assessment (TPRM) process. 

Watch the video to learn why we ask suppliers to undergo a risk assessment and access the files below for more information about the tool and the assessment process.

Back to top